Hope you don't mind me jumping in Ron, but I see it's getting late, and
thought you might not get back to Bob until tomorrow, so I want to
contribute some thoughts for Bob. Here are a few things you can check Bob.
1. With that much CPU usage by explorer.exe, you probably have an
infection of some type, e.g. a Trojan Horse, hidden server, hidden
script, etc.
2. Antivirus programs are good at what they specialize in (removing
viruses/worms), but nothing else. They are poor at things they do Not
specialize in (removing Trojans, spyware, malicious scripts, and so on).
Same logic applies to anti-spyware programs (good at what they
specialize in, but poor at everything else).
3. You guessed it. Programs that specialize in removing Trojan Horses
are called anti-Trojan programs. The best of these are Trojan Hunter
and Ewido. See
http://www.anti-trojan-software-reviews.com/
These programs also actively monitor/screen processes to protect you
from invasions in progress (which most free programs do not do). Most
free versions of anti-virus and anti-spyware programs only mop up after
the damage is already done. Imagine using a free version of an
anti-spyware or anti-virus program, which only mops up after the damage
is already done (e.g. after your bank account number/password has
already been captured and sent to Russia). What good is that ? Try the
30-day trial version of Ewido. For anti-Trojan protection, it is far
superior to programs that do a little extra on the side (like the roofer
who does car repair on the side), but do Not specialize in Trojan
detection/removal.
4. Are you sharing your files/printers with the world ?
At the bottom of the View tab in Folder Options, uncheck Simple File
Sharing, if you're using XP Pro. Now you can check specific permissions
on specific drives/folders. Upgrade to XP Pro, if you don't have it.
It is much more versatile for security.
5. Are any drives or folders shared with Everyone in the world ?
Right click critical drives and folders, and select Sharing and
Security. Are any important drives or folders shared with Everyone in
the world ? Look for Everyone under C: or \Windows or \Program Files or
\Documents and Settings, etc. Everyone does not mean only people with
account names. Where you find Everyone, delete it.
6. Not meaning to take anything away from hardware routers/firewalls,
but ZoneAlarm does some things that many cheap hardware
routers/firewalls cannot do. For example, when I first started using
ZoneAlarm, it kept popping up questions like do you want &?@#$.exe to
use Explorer.exe to access the internet ? (where &?@#$ was one of many
infections). Most cheap hardware routers/firewalls cannot come close to
doing this. Like so many security suite want-to-bes, they just dumbly
allow certain programs unfettered outbound access, without question
(e.g. always give Outlook or IE outbound access, regardless of what
malicious infection is using them to do their dirty work). You don't
need the Pro version of ZoneAlarm for this, and you don't have to drop
big money for it either. It's easy to find previous versions for sale
dirt cheap.
7. Now run a program like Shields Up and Leak Test at
www.grc.com.
Shields Up tests your vulnerability to inbound infections. Leak Test
tests your vulnerability to internal infections reaching outbound (e.g.
sending your private personal data to Russia). Most cheap hardware
routers/firewalls fail miserably on this second one.
8. On the subject of outbound breaches of security, another wonderful
tool can be found at
http://www.mvps.org/winhelp2002/hosts.htm.
It is not a program so it uses no memory or CPU resources. When you
download their Hosts file, replacing the useless one you have now, the
way it works is by using Windows own feature of looking first at the
Hosts file to translate URLs (web addresses). In this case, if Windows
finds a URL known to be malicious, then it gets translated to 127.0.0.1
instead of going out to the internet to translate the web address (using
the DNS server). 127.0.0.1 is just an internal loopback address that
translates to nothing. As a result, what I now see in web pages that
people commonly consider safe, are panels that say "unable to connect to
the following web site" or "the following web site could not be found",
such as one panel on ZDnet's home page.
Now it's getting late for me, and I need to go sleep.
If I think of some more good stuff tomorrow, I'll come back and add it.
When Ron comes back, he will probably add lots of good stuff too, since
he is a certified MVP, and I have nothing more to offer than 33 years of
street-smart experience.
Jonathan
I installed and run the the trojan hunter and it showed no problems....when I open task mgr and I pause it this is what it shows...CPU usage..100% and the top five CPU users are................task mgr.exe......wmplayer.exe[had internet radio on]......[Iexplore.exe......explore.exe. these two using the most]....and csrss.exe.....these items chage some,but it seems like the iexplore.exe and explore.exe are the big users most of the time. Ron had asked me too list the top five CPU users when task mgr is opened....thanks for the help............................Bob
Ron........Back again about high CPU's...When I first open task manager it
shows explore.exe using a high amount of CPU's[ one time it was using 50-60]
and the total CPU usage was at 100%....but the explore.exe count drops to
[00] real quick and the total CPU usage drops down to 0-10% range. Use
spyware program and it doen't show any spyware. It runs daily. Could thier
still be "trojan" infestation and how do you check for it ? As I said I have
Norton Anti Virus protection and I thought it was supposed to catch them.
Thanks for you time.....................Bob
Ron Martell said:
Have a gateway computer..3 1/2 years old. Lately having problems. Starting to
hang/drag on me. Has 512 memory. On high speed internet connection. Have the
anti-virus. System shows ...status ok. and I keep everything cleaned up. Run
all the nesssecary clean up tools. I see that little hour glass symbol
beside the curser to often. CPU's runnung to high. When I bring up task
manager window it most always shows cpu's at 100 % and then starts dropping.
Anybody else having these problems? Any help would be appreciated.
Thanks..............Bob
In the Processes tab of Task Manager click twice on the CPU column
header. That will sort the list into descending order by CPU usage.
Post the names of the 4 or 5 highest usage items back here.
Note that high usage by EXPLORER.EXE is very often a sign of a
spyware/trojan infestation.
Good luck
Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca
"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."
